[57] ABSTRACT

A security apparatus interfacing with a first device for 
preventing unauthorized use of a second device, the security 
apparatus including a first circuit configured to generate an 
event and a second circuit configured to provide an input to 
the first device in response to each event, to receive a
response from the first device in response to the input, and 
to assert a signal to disable the second device if the response 
does not correspond to an expected response. 

22 Claims, 2 Drawing Sheets 
METHOD AND APPARATUS FOR
PREVENTING UNAUTHORIZED USAGE OF 
A COMPUTER SYSTEM 

BACKGROUND OF THE INVENTION 

1. Field of the Invention 

The present invention relates to the field of security 
systems; more particularly, the present invention relates to a 
method and apparatus for preventing unauthorized usage of 
a device, such as a computer system. 

2. Description of Related Art 

A computer system typically includes a mass storage 
device, such as a hard disk drive, which is often used to store 
confidential information. The value of maintaining the con- 
fidentiality of the information often far exceeds the value of 
the computer system itself. 

Some computer systems utilize password protection to 
prevent unauthorized access to confidential information. 
Before access to the information is granted by the computer 
system, the user is required to enter a password, preferably 
known only to authorized users. One problem with password 
protection is that many passwords are learned by unautho- 
rized users by numerous well known methods, such as 
overhearing the password being told to someone, overseeing 
the password being typed, or determining the password 
through the use of software tools that make numerous 
guesses until access is granted. Alternatively, password 
protection may often be defeated by modifying software, 
such as the operating system, or replacing or rewriting the 
bidirectional input/output system (BIOS), for example, to 
bypass the password request routine. Thus, password pro- 
tection may not provide an adequate level of protection 
against unauthorized access when considering the potential 
value of the information stored in the computer system. 

Some computer systems utilize a mechanical lock that 
acts as a switch to control access to the mass storage device. 
Before access to the information is granted by the computer 
system, the user is required to use a mechanical key to turn 
the lock to the active position. One problem with a mechani- 
cal lock is that such a system may be defeated by stealing or 
duplicating the mechanical key. Alternatively, the mechani- 
cal lock may be bypassed through relatively simple 
mechanical or electrical means, such as picking the lock or 
shorting the open circuit of the mechanical lock in the 
inactive position. Thus, mechanical lock protection may not 
provide an adequate level of protection against unauthorized 
access when considering the potential value of the informa- 
tion stored in the computer system. 

What is needed is a method and apparatus to prevent 
unauthorized access of a computer system such that the 
method and apparatus is less susceptible to unauthorized 
access than a password and/or a mechanical lock. 

SUMMARY OF THE INVENTION 

A security apparatus interfacing with a first device for 
preventing unauthorized use of a second device, the security 
apparatus including a first circuit configured to generate an 
event and a second circuit configured to provide an input to
the first device in response to the event, to receive a response 
from the first device in response to the input, and to assert 
a signal to disable the second device if the response does not 
correspond to an expected response. 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 illustrates a computer system including a security
apparatus.

FIG. 2 illustrates a method of securing a device, such as
a computer system. 

DETAILED DESCRIPTION 

The present invention provides a method and apparatus to
prevent unauthorized access of a computer system such that
the method and apparatus is less susceptible to unauthorized
access than a password and/or a mechanical lock.

A key device is used to identify an authorized user. The
key device includes logic to process input data and transform
the input data to output data according to a predetermined
algorithm. A security apparatus provides a random
input data to the key device in response to an event signal,
receives the output data from the key device, and verifies
that the output data matches the expected result of the
algorithm applied to that input data. The algorithm is
sufficiently complex so as to prevent determination of the
algorithm by unauthorized users. The methods of selecting
such algorithms are well-known.

If the output data from the device does not match the
expected result of the algorithm, the security apparatus
controls a critical component of the secured device, such as
a computer system, to prevent access. For example, a critical
component may be the power supply of the computer
system. The computer system may either disable the power
supply or cause the computer system to enter a
non-operational low-power mode. Alternatively, the critical
component may be the hard disk drive which may contain
protected information. Thus, for example, the computer
system may disable access to a portion of the hard disk drive
or shut down the hard disk. In yet another embodiment, a
critical component may be a bus within the computer system
such that the computer system cannot substantially operate
without the use of that bus.

If the output data from the device does match the expected 
result of the algorithm, the security apparatus controls the 
critical component of the secured device to enable access. 

The security device is preferably implemented in hardware
other than the processor of the secured device such that
it cannot be disabled by the user through the secured device.
The security device is therefore distinguished from polling
routines that are implemented in software that may often be
defeated by modifying software, such as the operating
system, or replacing or rewriting the bidirectional
input/output system (BIOS), for example. In addition, a
security device implemented in hardware is not vulnerable to
software viruses.

In order to provide security against lost, stolen, or
counterfeit key devices, a password processor is preferable. The
password processor requests a password through a
user-interface upon an event, such as the powering up of the
secured device. If the proper password is not provided
promptly, access to the computer system is denied,
preferably as described above. The password processor is
preferably implemented in hardware other than the CPU such that
it cannot be disabled by the user through the secured device.
The password processor is therefore distinguished from
password routines that are implemented in software that may
often be defeated by modifying software, such as the
operating system, or replacing or rewriting the bidirectional
input/output system (BIOS), for example. In addition, a
password processor implemented in hardware is not
vulnerable to software viruses.
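
The challenge-response poll described above, as an added example that is not part of the patent text. It assumes HMAC-SHA-256 under a constructed secret as the "predetermined algorithm" (the patent does not name one), and every class and function name is hypothetical. It also covers the per-security-level expected outputs and the OR of the two disable signals that the FIG. 1 discussion describes.

```python
import hashlib
import hmac
import secrets

# Assumption: the patent does not name its "predetermined algorithm".
# HMAC-SHA-256 under a secret stands in for it; one constructed secret
# per security level gives one expected output per level.
LEVEL_SECRETS = {
    3: b"constructed-secret-for-level-3",
    1: b"constructed-secret-for-level-1",
}


def transform(secret, challenge):
    """The shared algorithm: input data -> output data."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class KeyDevice:
    """Token held by the user; answers each input with transform()."""

    def __init__(self, secret):
        self._secret = secret

    def respond(self, challenge):
        return transform(self._secret, challenge)


class ReplayDevice:
    """Counterfeit that returns one previously recorded output."""

    def __init__(self, recorded):
        self._recorded = recorded

    def respond(self, challenge):
        return self._recorded


class PollingDevice:
    """Runs one challenge-response check per event signal."""

    def __init__(self, level_secrets):
        self._level_secrets = dict(level_secrets)

    def poll(self, key_device):
        """Return (disable_asserted, security_level) for one event."""
        challenge = secrets.token_bytes(16)  # fresh random input data
        # A missing key device (or no answer in time) is modelled as None.
        response = None
        if key_device is not None:
            response = key_device.respond(challenge)
        level = self._match_level(challenge, response)
        return (level is None, level)

    def _match_level(self, challenge, response):
        if response is None:
            return None
        matched = None
        for level, secret in self._level_secrets.items():
            expected = transform(secret, challenge)
            # Constant-time compare; check every level, no early exit.
            if hmac.compare_digest(expected, response):
                matched = level
        return matched


def critical_device_disabled(polling_disable, password_disable):
    """OR of the two disable signals, as the OR gate 195 combines them."""
    return polling_disable or password_disable


if __name__ == "__main__":
    poller = PollingDevice(LEVEL_SECRETS)
    print("level-3 key :", poller.poll(KeyDevice(LEVEL_SECRETS[3])))
    print("no key      :", poller.poll(None))
    old = KeyDevice(LEVEL_SECRETS[3]).respond(b"\x00" * 16)
    print("replayed    :", poller.poll(ReplayDevice(old)))
```

The replayed output is rejected because every event carries a new random input, so an output recorded for one input does not match the expected result for the next.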

FIG. 1 illustrates an embodiment of the security apparatus 
of the present invention. FIG. 1 also illustrates a computer 
system 170 comprising the security apparatus 180. A functional
block 130 of the computer system may include a processor
subsystem, random access memory (RAM), and a mass storage
device, such as a hard disk drive or FLASH electrically
erasable programmable read only memory (EEPROM). It will be
apparent to one skilled in the art that many well-known
components of a computer system are not illustrated here to
avoid obscuring the present invention.

An event generator 100 is used to generate an event signal
on an event bus 105. A polling device 110 is coupled to the
event bus 105, a communication channel 115, and a control
bus 125. The polling device uses the communication channel
115 to check for the presence of an authentic key device 120
in response to each assertion of the event signal. If a key
device is not detected or a key device is detected but not
authenticated, a disable signal is asserted on the control bus
125.

In one embodiment, the event generator 100 is a periodic
event generator comprising an oscillator, for example. In
another embodiment, the event generator 100 comprises a
real-time clock and logic to periodically assert the event
signal in response to an output of the real-time clock. In
another embodiment, the event generator 100 is configured
to assert the event signal before resuming system activity
after an idle period since there can be no security breaches
without system activity. At least a portion of the event
generator 100, such as the real-time clock, may be part of an
external device, such as a computer system. However, such
a configuration may permit the real-time clock to be disabled
through software or hardware control, for example.
Therefore, the preferred embodiment of the event generator
100 comprises components that are dedicated to the security
apparatus 180 such that software or hardware controls
cannot disable the generation of the periodic signal beyond
powering down the computer system. In one embodiment,
the period of the event signal is approximately 0.5 seconds.
A smaller period may yield higher security at the expense of
system performance and a larger period may yield reduced
security with increased system performance. It will be
apparent to one skilled in the art that the event signal may
have other periods.

In one embodiment, the key device 120 is a Personal
Computer (PC) card and the communications channel 115 is
a PC bus slot. In another embodiment, the key device 120
uses a two-wire protocol such as a System Management Bus
(SMBus), an Inter-Integrated Circuit I²C bus, or a PS/2
keyboard or mouse interface (a trademark of International
Business Machines Corporation). In another embodiment,
the key device 120 is a parallel port device and the
communications channel 115 is a parallel port. Alternatively, the
key device 120 is a wireless device and the communications
channel 115 is a medium for electromagnetic transmission.
A wireless key device 120 may be maintained on an
authorized user's person such that access to the computer is
permitted simply when his person is in the transmission
range of the polling device 110. It will be apparent to one
skilled in the art that any means of communication between
two devices may be used as the communication channel 115.

The key device 120 has logic to process input data and
transform it to output data according to a predetermined
algorithm. The polling device 110 provides a random input
data to the key device 120 in response to an event signal,
receives the output data from the key device 120, and
verifies that the output data matches the expected result of
the algorithm. The polling device 110 comprises logic to
generate random input data and logic to compute the
expected output data of the algorithm. The algorithm is
sufficiently complex so as to prevent determination of the
algorithm by unauthorized users.

If the output data from the device does not match the
expected result of the algorithm, a disable signal is asserted
on the control bus 125. If the output data from the device
does match the expected result of the algorithm, the disable
signal is deasserted on the control bus 125.

In one embodiment, the polling device 110 polls the key
device 120 through the communication channel 115 to
determine a security level, which is stored on the key device
120, and provides that information to the secured device on
the security level bus 135, which is coupled to the polling
device 110. Part of the information encoded onto the key
device 120 is the security level for that particular key device
120. In one embodiment, the polling device 110 tests for one
of a plurality of expected output data values (the result of a
corresponding algorithm applied to the same input data).
Each expected output data is associated with a different
security level. If the output data matches one of these
expected output data values, access to the secured device is
permitted at the corresponding security level. If the output
data does not match the expected output data value, the
disable signal is asserted to prevent access to the secured
device. Other methods of encoding the security level on the
key card 120 may be used. Thus, different users may be
assigned key devices with different levels of access to the
secured device. For example, users with the highest security
level may be granted complete access whereas each
successively lower security level may be granted access to fewer
devices and/or more limited portions of the memory.

The security level is requested in response to each
assertion of the event signal. Alternatively, the security level is
requested each time the security apparatus 180 detects a new
key device 120 coupled to the communications channel 115.
Other methods of determining when to poll the key device
120 for the security level may be used.

In one embodiment, the polling device 110 receives
information from the secured device on the information bus
145 and transmits that information on the communications
channel 115 to the key device 120. The key device 120 may
store or otherwise process this information. This information
may include an identification of the secured device that was
being accessed with this particular key device 120 or a
description of one or more activities being performed on the
secured device, for example. This may provide the user of
the key device 120 a record of his presence and activity on
the secured device. For example, this information may be
recorded to document the time and productivity of a
computer operator or provide proof of a banking related
transaction on a computer system or a cash machine. In addition,
the polling device 110 may also receive information from
the key device 120 on the communications channel and
transmit this information to the secured device on the
information bus 145. For example, this information may
uniquely identify the user such that information regarding
the usage and activities performed by this user may be
recorded by the secured device.

In one configuration, the security apparatus 180 also
includes a password processor 150 which initiates a request
for a password on the bus 165 in response to an event signal
on an event bus 155. The bus 165 is coupled to a
user-interface 160, which may include a video display to prompt
the user and a keyboard for the user to provide the password.
However, other prompting devices, such as a speaker for an
audio prompt, and other input devices, such as a microphone
coupled with speech recognition software, may be used. In
one embodiment, the event signal is asserted once the
secured device is operational after powering up. However,
other events may be used to cause the event signal to be
asserted.

If the user fails to promptly provide the appropriate
password, a disable signal is asserted on the control bus 175.
If the user promptly provides the appropriate password, a
disable signal is deasserted on the control bus 175. The
control bus 175 and the control bus 125 are coupled to the
inputs of an OR gate 195 to generate a disable signal on the
control bus 185.

In one embodiment the control bus 185 is coupled to a
critical device 140 within the functional block 130 to disable
its functionality when the disable signal is asserted.
Alternatively, the critical device 140 may be coupled
directly to the control bus 125 and/or the control bus 175. A
critical device 140 is selected such that the computer system
170 cannot fully function when this critical device 140 is
disabled. It will be apparent to one skilled in the art that the
degree of non-functionality of the computer system 170 in
response to the disable signal is a matter of engineering
choice. Preferably, the computer system 170 is disabled at
least to the degree that confidential information cannot be
accessed. In one embodiment, the critical device 140
comprises a mass storage device in which access to the mass
storage device is disabled in response to the disable signal.
In another embodiment, the security level signal is used to
determine which portions of the mass storage device may be
accessed. Different portions of the mass storage device may
contain information that is more or less confidential than
other portions. In another embodiment, the critical device
140 comprises an internal system bus in which the internal
system bus is disabled in response to the disable signal. In
still another embodiment, the critical device 140 is the
power supply of the computer system 140 in which the
power provided by the power supply is reduced or
eliminated in response to the disable signal. In yet another
embodiment, the disable signal causes the computer system
to enter a standby mode.

In yet another embodiment, the security apparatus 180 is
integrated onto other secured devices, such as the mass
storage device itself. Although the present invention is
discussed in context of a computer system, it will be
apparent to one skilled in the art that the present invention
may be applied to any device capable of being disabled or
otherwise controlled, such as a cellular phone, automobile,
or electronic door locks.

FIG. 2 illustrates an embodiment of a method for securing
a device, such as a computer system.

In step 200, an event signal is asserted. In one
embodiment, the event signal is a periodically asserted
signal with a period of approximately 0.5 seconds. However,
it will be apparent to one skilled in the art that the event
signal may have other periods. In another embodiment, the
signal is asynchronously generated before resuming system
activity after an idle period since there can be no security
breaches without system activity.

In step 205, a first data is provided in response to an
assertion of the event signal. In one embodiment the first
data includes information provided in response to an
assertion of the event signal. The key device may store or
otherwise process this information. This information may
include an identification of the secured device that was being
accessed with this key device or a description of one or more
activities being performed on the secured device, for
example. This may provide the user of the key device a
record of his presence and activity on the secured device.

In step 210, a period of time is provided for a second data
to be received in response to the receipt of the first data. The
second data corresponds to the output of an algorithm
applied to the first data. In one embodiment, the second data
corresponds to one of a plurality of expected output data
values (the result of a corresponding algorithm applied to the
same input data). Each expected output data is associated
with a different security level. The period of time provided
is a matter of engineering choice.

In step 215, it is determined whether the second data is
received within the period of time provided. If the second
data is not received during this period, step 235 is
performed. If the data is received during this period, step
220 is performed. In one embodiment, the second data
includes information received from the key device. For
example, this information may uniquely identify the user
such that information regarding the usage and activities
performed by this user may be recorded on the
secured device.

In step 220, at least one expected result is computed using
the appropriate algorithm(s) applied to the first data.
Multiple expected output data values (the result of a
corresponding algorithm applied to the same input data) are associated
with different security levels.

In step 225, the second data is compared to each of the at
least one expected results.

In step 230, if the second data does not match any one of
the at least one expected results, step 235 is performed. If the
data and one of the at least one expected results
match, step 240 is performed.

In step 235, the disable signal is deasserted.

In step 240, a security level corresponding to the second
data is determined. In one embodiment, the security level is
determined by which of the plurality of expected output
values matches the second data.

In step 245, the disable signal is asserted. In one
embodiment, the disable bus is coupled to a critical
component of the secured device to disable its functionality
when the disable signal is asserted.

The invention has been described in conjunction with the
preferred embodiment. It is evident that numerous
alternatives, modifications, variations and uses will be
apparent to those skilled in the art in light of the foregoing
description.

What is claimed is:

1. A security apparatus interfacing with a first device for
preventing unauthorized use of a second device, said
security apparatus comprising:

  a first circuit configured to generate a first event;

  a second circuit configured to provide a first input to said
  first device in response to each of said first event, to
  receive a response from said first device in response to
  said first input, to assert a first signal to disable said
  second device if said response does not correspond to
  an expected response, and to provide a level of security
  corresponding to a value included in the first device;
  and

  a third circuit configured to provide a password prompt in
  response to a second event, to receive a second input
  from a user interface and to assert a second signal to
  disable said second device if said second input does not
  correspond to said password.

2. The security apparatus of claim 1 wherein said first
circuit generates a periodic event.

3. The security apparatus of claim 1 wherein said first
circuit generates an asynchronous event.
4. The security apparatus of claim 1 wherein said first
device is a PC card.

5. The security apparatus of claim 1 wherein said first
device is a wireless device.

6. The security apparatus of claim 1 wherein said first
device uses a 2-wire protocol.

7. The security apparatus of claim 1 wherein said first
device uses parallel port protocol.

8. The security apparatus of claim 1, wherein said second
event is generated in response to said second device being
powered up.

9. The security apparatus of claim 1 wherein said second
circuit further provides information to said first device in
response to each said event.

10. The security apparatus of claim 9 wherein said
information comprises an identifier corresponding to said second
device.

11. The security apparatus of claim 9 wherein said
information comprises a description of an activity being
performed by said second device.

12. A computer system interfacing with a first device for
preventing unauthorized use, said computer system
comprising:

  a first circuit configured to periodically generate a first
  event;

  a second circuit configured to provide a first input to said
  first device in response to each of said first event, to
  receive a response from said first device in response to
  said first input, to assert a first signal if said response
  does not correspond to an expected response, and to
  provide a level of security corresponding to a value
  included in the first device;

  a second device configured to be disabled in response to
  said first signal; and

  a third circuit configured to provide a password prompt in
  response to a second event, to receive a second input
  from a user interface and to assert a second signal to
  disable said second device if said second input does not
  correspond to said password.

13. The security apparatus of claim 12 wherein said first
circuit generates a periodic event.

14. The [...] of claim 12 wherein said first
circuit generates an asynchronous event.

15. The computer system of claim 12 wherein said first
device is a PC card.

16. The computer system of claim 12 wherein said first
device is a wireless device.

17. The computer system of claim 12 wherein said first
device uses a 2-wire protocol.

18. The security apparatus of claim 12 wherein said first
device uses parallel port protocol.

19. The computer system of claim 12, wherein said
second circuit further provides information to said first
device in response to each said event.

20. The computer system of claim 12 wherein said second
circuit further provides information to said first device in
response to each said event.

21. The computer system of claim 20 wherein said
information comprises an identifier corresponding to said
second device.

22. The computer system of claim 20 wherein said
information comprises a description of an activity being
performed by said second device.

* * * * *